WIKI Liberasys

Outils pour utilisateurs

Outils du site

Piste : mikrotik_voip_script
mikrotikvoip:mikrotik_voip_script

Ceci est une ancienne révision du document ! 

########################################################################
# VoIP Mikrotik script : symetric NAT and firewall filter rules        #
# Author : G. HUSSON, Liberasys, 201904, contact_web _@_ liberasys.com #
# License : EUPL v1.2 - https://opensource.org/licenses/EUPL-1.2       #
# Prerequisits : having preestablished firewall rules and masquerading #
# HOWTO :                                                              #
#   - set variables corresponding to your installation                 #
#   - run the script                                                   #
#   - move the lasts two rules fo the firewall filter rules where it   #
#     shoud be                                                         #
########################################################################


# Initialise variables
:global internalIp;
:global internalInterface;
:global externalIp;
:global externalInterface;
:global voipHttpsPort;
:global voipHttpPort;
:global voipSIPPort;
:global voipSIPsPort;
:global voipTunnelPort;
:global voipMediaPort;
:global initialNatRulesPosition;

# Set variables (change them !!!!)
:set internalIp "192.168.0.10";
:set internalInterface "bridge-internal";
:set externalIp "1.2.3.4";
:set externalInterface "bridge-internet";
:set voipHttpsPort 443;
:set voipHttpPort 80;
:set voipSIPPort 5060;
:set voipSIPsPort ($voipSIPPort + 1);
:set voipTunnelPort 5090;
:set voipMediaPort "9000-10999";
:set initialNatRulesPosition 0;

# Clean previously defined rules
/ip firewall nat remove [ find comment ~ "(#VOIPscript)" ]
/ip firewall filter remove [ find comment ~ "(#VOIPscript)" ]

# Disable SIP ALG
/ip firewall service-port disable sip

# Set NAT rules (they have to be before any masquerading rule)
/ip firewall nat add action=dst-nat \
    chain=dstnat \
    in-interface=$externalInterface \
    dst-address=$externalIp \
    protocol=tcp \
    dst-port="$voipHttpsPort,$voipHttpPort,$voipSIPPort,$voipSIPsPort,$voipTunnelPort" \
    to-addresses=$internalIp \
    log=yes \
    log-prefix=voip-in \
    place-before=$initialNatRulesPosition \
    comment="VoIP TCP - IN  (#VOIPscript)"

/ip firewall nat add action=src-nat \
    chain=srcnat \
    src-address=$internalIp \
    out-interface=$externalInterface \
    protocol=tcp \
    src-port="$voipHttpsPort,$voipHttpPort,$voipSIPPort,$voipSIPsPort,$voipTunnelPort" \
    to-addresses=$externalIp \
    log=yes \
    log-prefix=voip-out \
    place-before=$initialNatRulesPosition \
    comment="VoIP TCP - OUT, symetric NAT  (#VOIPscript)"

/ip firewall nat add action=dst-nat \
    chain=dstnat \
    in-interface=$externalInterface \
    dst-address=$externalIp \
    protocol=udp \
    dst-port="$voipSIPPort,$voipSIPsPort,$voipTunnelPort,$voipMediaPort" \
    to-addresses=$internalIp \
    log=yes \
    log-prefix=voip-in \
    place-before=$initialNatRulesPosition \
    comment="VoIP UDP - IN  (#VOIPscript)"

/ip firewall nat add action=src-nat \
    chain=srcnat \
    src-address=$internalIp \
    out-interface=$externalInterface \
    protocol=udp \
    src-port="$voipSIPPort,$voipSIPsPort,$voipTunnelPort,$voipMediaPort" \
    to-addresses=$externalIp \
    log=yes \
    log-prefix=voip-out \
    place-before=$initialNatRulesPosition \
    comment="VoIP UDP - OUT, symetric NAT  (#VOIPscript)"

# Set firewall filter rules
/ip firewall filter add action=accept chain=forward \
    in-interface=$externalInterface \
    out-interface=$internalInterface \
    dst-address=$internalIp \
    protocol=tcp \
    dst-port="$voipHttpsPort,$voipHttpPort,$voipSIPPort,$voipSIPsPort,$voipTunnelPort" \
    log=yes \
    log-prefix=voip-in \
    comment="Internet -> VoIP server - TCP  (#VOIPscript)" 

/ip firewall filter add action=accept chain=forward \
    in-interface=$externalInterface \
    out-interface=$internalInterface \
    dst-address=$internalIp \
    protocol=udp \
    dst-port="$voipSIPPort,$voipSIPsPort,$voipTunnelPort,$voipMediaPort" \
    log=yes \
    log-prefix=voip-in \
    comment="Internet -> VoIP server - UDP  (#VOIPscript)" 

# Clean variables
:set internalIp;
:set internalInterface;
:set externalIp;
:set externalInterface;
:set voipHttpsPort;
:set voipHttpPort;
:set voipSIPPort;
:set voipSIPsPort;
:set voipTunnelPort;
:set voipMediaPort;
:set initialNatRulesPosition;
mikrotikvoip/mikrotik_voip_script.1556098762.txt.gz · Dernière modification : 2019/04/24 09:39 de ghusson